The field of the invention relates generally to methods and systems for preventing fraud during payment card transactions, and, more particularly, to computer-implemented methods and systems for identifying a payment card transaction initiated with a specific payment card as being associated with an increased level of risk, and applying one or more rules to transactions initiated with the specific payment card.
Payment cards are used throughout the world, as a substitute for cash or checks, for financial transactions, as well as to enable cardholders to obtain cash, at banks, retail establishments, and/or automated teller machines (ATMs). Issuers of such payment cards maintain and operate networks to facilitate the processing of transactions involving their issued payment card. Such networks frequently are regional in nature, in that banks, retail establishments, and ATMs that are directly connected to a specific issuer may be limited to a region within a country, an international geopolitical region (such as a continent, like Europe), or an international economic region (such as the countries comprising the European Union), collectively referred to as a “geopolitical region.”
Although a particular card issuer's “home” network may be confined to a specific country or region, cardholders of that issuer frequently are still able to use their payment cards in locations far removed from their “home” country or region and outside of their “home” network. Specifically, many card issuers have agreements with other issuers outside of their own networks to honor the use of each other's cards within their own networks in out-of-network transactions. Considered another way, a payment card issued from one geopolitical region may be used (“honored”) in the ATMs, POS devices and other devices that are components of a network that is located in another geopolitical region. In that sense, the payment card may be considered “out-of-network.”
Many payment cards are provided with one or more security devices, such as integrated circuit chips and/or magnetically-encoded strips (“magstrips”) that are configured to communicate and exchange data with ATMs and point-of-sale (“POS”) devices. For example, EMV-standard integrated circuit (“chip”) cards carry both IC chips and magstrips. “EMV” stands for “Europay,” “MasterCard®” and “Visa®,” and is a global standard for inter-operation of IC cards and IC capable POS devices and ATMs, for authenticating credit and debit card transactions. Whether information from the chip or from the magstrip is used during a transaction depends, in part, on the location where the transaction is being initiated. For example, for an EMV card issued in a European country, transactions initiated within Europe will involve the activation of the chip. Information will be exchanged between the chip and the ATM or POS device. Approval of the transaction is provided through direct communication with the card issuer, presumably with a high degree of confidence in the validity of the card and the transaction.
When a “European” EMV card is used to initiate a transaction outside of Europe, however, the ATM or POS device may only engage the magstrip, which contains less information and/or information of a different character, than that obtainable through communication with the IC chip. In such transactions, the level of confidence that the card and/or transaction are legitimate is less. Payment cards bearing magstrips are frequently copied (“skimmed”). In addition, the personal identification (“PIN”) numbers associated with payment cards are likewise frequently stolen. Accordingly, when a European EMV card is used to initiate a magstripe acquired cash withdrawal at an ATM located in New York City, for example, there is an increased potential that the transaction may be fraudulent. In particular, because the ATM or POS device at which the transaction is initiated is across the border from the region in which the card was issued, and the ATM or POS device is not chip-enabled and outside of and not connected to the “home” network. Accordingly, the information which the ATM or POS device can access is less than what would be available to a “home” or in-network ATM or POS device.
It would be desirable to provide an automated system that enables a card payment processing network to promptly identify an attempted transaction involving an “out-of-network” payment card as well as whether it was chip or magstripe acquired. It would also be desirable to provide an automated system that, after identification of such an out-of-network payment card, imposes one or more limits on the attempted transaction.